From e1b00bd19810736ea5244e3dbb8cf09525127315 Mon Sep 17 00:00:00 2001
From: Florian Zschocke <florian.zschocke@cycos.com>
Date: Fri, 22 Nov 2013 10:28:05 -0500
Subject: [PATCH] Merge pull request #122 from fzs/ldap-deref-alias

---
 releases.moxie                                 |    1 +
 src/main/java/com/gitblit/LdapUserService.java |   26 +++++++++++++++++++++++++-
 2 files changed, 26 insertions(+), 1 deletions(-)

diff --git a/releases.moxie b/releases.moxie
index 551771e..5433a9d 100644
--- a/releases.moxie
+++ b/releases.moxie
@@ -32,6 +32,7 @@
 	- By default GO will now bind to all interfaces for both http and https connectors.  This simplifies setup for first-time users.	
 	- Removed docs indicator on the repositories page
 	- Removed the repository setting to enable Markdown document enumeration, this is now automatic and expanded
+	- Retrieve LDAP groups with dereferencing aliases (pr-122)
     additions:
 	- Added an optional MirrorExecutor which will periodically fetch ref updates from source repositories for mirrors (issue-5).  Repositories must be manually cloned using native git and "--mirror".
 	- Added branch graph image servlet based on EGit's branch graph renderer (issue-194)
diff --git a/src/main/java/com/gitblit/LdapUserService.java b/src/main/java/com/gitblit/LdapUserService.java
index 5a2dbdc..888d13c 100644
--- a/src/main/java/com/gitblit/LdapUserService.java
+++ b/src/main/java/com/gitblit/LdapUserService.java
@@ -20,6 +20,7 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.security.GeneralSecurityException;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -35,11 +36,13 @@
 import com.gitblit.utils.ArrayUtils;
 import com.gitblit.utils.StringUtils;
 import com.unboundid.ldap.sdk.Attribute;
+import com.unboundid.ldap.sdk.DereferencePolicy;
 import com.unboundid.ldap.sdk.ExtendedResult;
 import com.unboundid.ldap.sdk.LDAPConnection;
 import com.unboundid.ldap.sdk.LDAPException;
 import com.unboundid.ldap.sdk.LDAPSearchException;
 import com.unboundid.ldap.sdk.ResultCode;
+import com.unboundid.ldap.sdk.SearchRequest;
 import com.unboundid.ldap.sdk.SearchResult;
 import com.unboundid.ldap.sdk.SearchResultEntry;
 import com.unboundid.ldap.sdk.SearchScope;
@@ -404,7 +407,7 @@
 		for (Attribute userAttribute : loggingInUser.getAttributes())
 			groupMemberPattern = StringUtils.replace(groupMemberPattern, "${" + userAttribute.getName() + "}", escapeLDAPSearchFilter(userAttribute.getValue()));
 
-		SearchResult teamMembershipResult = doSearch(ldapConnection, groupBase, groupMemberPattern);
+		SearchResult teamMembershipResult = doSearch(ldapConnection, groupBase, true, groupMemberPattern, Arrays.asList("cn"));
 		if (teamMembershipResult != null && teamMembershipResult.getEntryCount() > 0) {
 			for (int i = 0; i < teamMembershipResult.getEntryCount(); i++) {
 				SearchResultEntry teamEntry = teamMembershipResult.getSearchEntries().get(i);
@@ -436,7 +439,28 @@
 			return null;
 		}
 	}
+	
+	private SearchResult doSearch(LDAPConnection ldapConnection, String base, boolean dereferenceAliases, String filter, List<String> attributes) {
+		try {
+			SearchRequest searchRequest = new SearchRequest(base, SearchScope.SUB, filter);
+			if ( dereferenceAliases ) {
+				searchRequest.setDerefPolicy(DereferencePolicy.SEARCHING);
+			}
+			if (attributes != null) {
+				searchRequest.setAttributes(attributes);
+			}
+			return ldapConnection.search(searchRequest);
 
+		} catch (LDAPSearchException e) {
+			logger.error("Problem Searching LDAP", e);
+
+			return null;
+		} catch (LDAPException e) {
+			logger.error("Problem creating LDAP search", e);
+			return null;
+		}
+	}
+	
 	private boolean isAuthenticated(LDAPConnection ldapConnection, String userDn, String password) {
 		try {
 			// Binding will stop any LDAP-Injection Attacks since the searched-for user needs to bind to that DN

--
Gitblit v1.9.1